models: factor out api_attributes to policies.

Refactor models so that we define attribute API permissions in policy files instead of directly in models. This is cleaner because a) permissions are better handled by policies and b) which attributes are visible to the API is an API-level concern that models shouldn't have to care about. This fixes an issue with not being able to precompile CSS/JS assets unless the database was up and running. This was a problem when building Docker images because we don't have a database at build time. We needed the database because `api_attributes` was a class-level macro in some places, which meant it ran at boot time, but this triggered a database call because api_attributes used database introspection to get the list of allowed API attributes.
2020-06-08 18:38:02 -05:00
parent b6ed63841d
commit eacb4d4df3
20 changed files with 81 additions and 79 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -420,30 +420,6 @@ class User < ApplicationRecord
  end

  module ApiMethods
-    def api_attributes
-      attributes = %i[
-        id created_at name inviter_id level
-        post_upload_count post_update_count note_update_count is_banned
-        can_approve_posts can_upload_free level_string
-      ]
-
-      if id == CurrentUser.user.id
-        attributes += BOOLEAN_ATTRIBUTES
-        attributes += %i[
-          updated_at last_logged_in_at last_forum_read_at
-          comment_threshold default_image_size
-          favorite_tags blacklisted_tags time_zone per_page
-          custom_style favorite_count api_regen_multiplier
-          api_burst_limit remaining_api_limit statement_timeout
-          favorite_group_limit favorite_limit tag_query_limit
-          is_comment_limited?
-          max_saved_searches theme
-        ]
-      end
-
-      attributes
-    end
-
    # extra attributes returned for /users/:id.json but not for /users.json.
    def full_attributes
      %i[